CVE-2024-49950Use After Free in Linux

CWE-416Use After Free86 documents7 sources
Severity
7.8HIGHNVD
OSV8.8
EPSS
0.0%
top 98.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
LinuxLinux KernelDebian Linux+7 more
Timeline
PublishedOct 21
Latest updateOct 21

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54 CPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Workqueue:

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages12 packages

NVDlinux/linux_kernel3.86.6.55+2
Debianlinux/linux_kernel< 6.1.119-1+2
Ubuntulinux/linux_kernel< 5.15.0-135.146+5

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

42
OSV
linux-azure-fips vulnerabilities2025-10-21
OSV
linux-oracle-5.4 vulnerabilities2025-10-21
OSV
linux-azure, linux-azure-5.4 vulnerabilities2025-10-13
OSV
linux-iot vulnerabilities2025-08-21
OSV
linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities2025-08-20

📋Vendor Advisories

43
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2025-10-21
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-21
Ubuntu
Linux kernel (Azure) vulnerabilities2025-10-13
Ubuntu
Linux kernel (IoT) vulnerabilities2025-08-21
Ubuntu
Linux kernel (FIPS) vulnerabilities2025-08-20
CVE-2024-49950 — Use After Free in Linux | cvebase